Search Results (8844 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-52138 | 1 Mate-desktop | 1 Engrampa | 2025-06-17 | 8.2 High |
| Engrampa is an archive manager for the MATE environment. Engrampa is vulnerable to a path traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, Engrampa follows symlinks: cpio by default follows stored symlinks while extracting, and the archiver does not check the symlink location, which leads to arbitrary file writes to unintended locations. An attacker can craft a malicious cpio or ISO archive that achieves RCE on the target system when the victim extracts it. This vulnerability was fixed in commit 63d5dfa. | ||||
| CVE-2025-4178 | 2 Microsoft, Xiaowei1118 | 2 Windows, Java Server | 2025-06-17 | 5.4 Medium |
| A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2024-50648 | 2 Guchengwuyue, Yshopmall | 2 Yshopmall, Yshopmall | 2025-06-17 | 9.8 Critical |
| yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files. | ||||
| CVE-2024-50649 | 2 Python Book, Timgreen | 2 Python Book, Python Book | 2025-06-17 | 9.8 Critical |
| The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability. | ||||
| CVE-2025-1127 | 1 Lexmark | 1 Lexmark | 2025-06-16 | 9.1 Critical |
| The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem. | ||||
| CVE-2023-39611 | 1 Softwarefx | 1 Chart Fx | 2025-06-16 | 7.5 High |
| An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | ||||
| CVE-2025-6109 | | | 2025-06-16 | 4.3 Medium |
| A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6108 | | | 2025-06-16 | 6.3 Medium |
| A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-22240 | | | 2025-06-16 | 6.3 Medium |
| Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created with os.path.join from unvalidated input in the “tgt_env” variable. This can be exploited by an attacker to delete any file the Master's process has permissions to. | ||||
| CVE-2025-22238 | | | 2025-06-16 | 4.2 Medium |
| Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory. | ||||
| CVE-2025-46783 | | | 2025-06-16 | N/A |
| Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is running by tampering with specific files used on the product. | ||||
| CVE-2024-46212 | 1 Redaxo | 1 Redaxo | 2025-06-13 | 4.9 Medium |
| An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. | ||||
| CVE-2025-28099 | 1 Fumiao | 1 Opencms | 2025-06-13 | 4.3 Medium |
| opencms V2.3 is vulnerable to arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp. | ||||
| CVE-2024-52771 | 1 Dedebiz | 1 Dedebiz | 2025-06-13 | 9.1 Critical |
| DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view. | ||||
| CVE-2024-29460 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-12 | 6.6 Medium |
| An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. | ||||
| CVE-2025-45238 | 1 Qianfox | 1 Foxcms | 2025-06-12 | 9.1 Critical |
| foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method. | ||||
| CVE-2025-45239 | 1 Qianfox | 1 Foxcms | 2025-06-12 | 5.3 Medium |
| An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal. | ||||
| CVE-2025-4329 | 1 74cms | 1 74cms | 2025-06-12 | 4.3 Medium |
| A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2048 | 1 Lana | 1 Lana Downloads Manager | 2025-06-12 | 4.1 Medium |
| The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server. | ||||
| CVE-2025-47273 | 3 Debian, Python, Redhat | 4 Debian Linux, Setuptools, Enterprise Linux and 1 more | 2025-06-12 | 8.8 High |
| setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue. | ||||